Changeset 10323 for trunk/wp-admin/includes/user.php
- Timestamp:
- 01/06/2009 10:00:05 PM (16 years ago)
- File:
-
- 1 edited
trunk/wp-admin/includes/user.php
r10150 r10323 10 10 * Creates a new user from the "Users" form using $_POST information. 11 11 * 12 * {@internal Missing Long Description}} 13 * 14 * @since unknown 12 * It seems that the first half is for backwards compatibility, but only 13 * has the ability to alter the user's role. Wordpress core seems to 14 * use this function only in the second way, running edit_user() with 15 * no id so as to create a new user. 16 * 17 * @since 2.0 15 18 * 16 19 * @param int $user_id Optional. User ID. … … 23 26 24 27 if ( isset( $_POST['role'] ) ) { 28 // Don't let anyone with 'edit_users' (admins) edit their own role to something without it. 25 29 if( $user_id != $current_user->id || $wp_roles->role_objects[$_POST['role']]->has_cap( 'edit_users' ) ) { 30 // If the new role isn't editable by the logged-in user die with error 31 $editable_roles = get_editable_roles(); 32 if (!$editable_roles[$_POST['role']]) 33 wp_die(__('You can’t give users that role.')); 34 26 35 $user = new WP_User( $user_id ); 27 36 $user->set_role( $_POST['role'] ); … … 35 44 36 45 /** 37 * {@internal Missing Short Description}}38 * 39 * {@internal Missing Long Description}}40 * 41 * @since unknown46 * Edit user settings based on contents of $_POST 47 * 48 * Used on user-edit.php and profile.php to manage and process user options, passwords etc. 49 * 50 * @since 2.0 42 51 * 43 52 * @param int $user_id Optional. User ID. 44 * @return unknown53 * @return int user id of the updated user 45 54 */ 46 55 function edit_user( $user_id = 0 ) { … … 66 75 67 76 if ( isset( $_POST['role'] ) && current_user_can( 'edit_users' ) ) { 77 78 // Don't let anyone with 'edit_users' (admins) edit their own role to something without it. 
68 79 if( $user_id != $current_user->id || $wp_roles->role_objects[$_POST['role']]->has_cap( 'edit_users' )) 69 $user->role = $_POST['role']; 80 $user->role = $_POST['role']; 81 82 // If the new role isn't editable by the logged-in user die with error 83 $editable_roles = get_editable_roles(); 84 if (!$editable_roles[$_POST['role']]) 85 wp_die(__('You can’t give users that role.')); 70 86 } 71 87 … … 243 259 244 260 /** 261 * Fetch a filtered list of user roles that the current user is 262 * allowed to edit. 263 * 264 * Simple function who's main purpose is to allow filtering of the 265 * list of roles in the $wp_roles object so that plugins can remove 266 * innappropriate ones depending on the situation or user making edits. 267 * Specifically because without filtering anyone with the edit_users 268 * capability can edit others to be administrators, even if they are 269 * only editors or authors. This filter allows admins to delegate 270 * user management. 271 * 272 * @since 2.8 273 * 274 * @return unknown 275 */ 276 function get_editable_roles() { 277 global $wp_roles; 278 279 $all_roles = $wp_roles->roles; 280 $editable_roles = apply_filters('editable_roles', $all_roles); 281 282 return $editable_roles; 283 } 284 285 /** 245 286 * {@internal Missing Short Description}} 246 287 *
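Review bot: The new editable-role check indexes `$editable_roles` with the raw `$_POST['role']` and, in the edit_user() hunk, runs only after `$user->role = $_POST['role'];` has been assigned, so the guard relies on wp_die() halting before code outside the hunk persists the object. Moving it ahead of the assignment, as the first hunk does before `set_role()`, and writing the condition as `if ( empty( $editable_roles[ $_POST['role'] ] ) )` in front of the existing `wp_die()` line would also avoid an undefined-index notice for an unknown role name. In both hunks the existing `$wp_roles->role_objects[$_POST['role']]->has_cap( 'edit_users' )` call is still evaluated before this validation, so an unregistered role name can reach a method call on a missing entry; validating first covers that as well. The check constrains only the role being granted; nothing in the visible lines tests whether the target user's current role is in the editable list, which looks worth confirming for the delegated user-management case the get_editable_roles() docblock describes. Both function bodies continue outside the hunks shown.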